Roland Turner (Apache) wrote: > Hi all. > > Last week I posted the question below. It appears from the (near) > complete silence that followed that no-one knows. So, my new question is > about tomcat's change process. I've not submitted code to tomcat before, > so don't really where to start. Is simply posting a patch to this list > an appropriate place to start? > > - Raz > > On Sun, 2006-02-19 at 17:41 +0000, Roland Turner (Apache) wrote: > >>I note that StandardSession has notes on the authType and principal >>indicating that they are not included in the serialised form of the >>object, but no explanation of this choice is obvious. I also have the >>impression that there's some see-sawing on this; the limitation is >>present in 4.1.31 and 5.0.30, but some Googling shows this up in the >>5.0.20 changelog: >> >>Avoid serializing Subject/Principal when persisting the session >>(jfarcand)
I doubt there has been see-sawing. 4.1.x and 5.x have been developed in parallel so it is more likely that the change was made on the 4.1.x and the 5.0.x branch at roughly the same time although I haven't been back through the SVN logs to confirm this. As to the why, searching the archives for "serialize principal" turned up this thread: http://marc.theaimsgroup.com/?l=tomcat-dev&m=107841409104907&w=2 Not a complete explanation, but a start. Maybe some further digging in the archives would turn up the answer you are looking for. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
